Ref.: Eset IS 12.1.34

Refer to the circled portion of the below screen shot. I did not manually make the "0 - 65535" change.

In essence, this means that Eset is scanning all computer traffic; for all system and app processes.

[Screenshot: Eset_HTTPS.png]

Edited by itman


I have no clue. I have various ESET products installed and everywhere is port 443:

[Screenshot: image.png]

Also I'm not sure if a range of ports will work; it's accepted by the validator, however, the tooltip says that ports must be delimited by a comma. Even if it worked, ESET supports only HTTP(S), POP3(S) and IMAP(S) protocols so other communication would not be scanned anyways.

2 hours ago, Marcos said:

Also I'm not sure if a range of ports will work; it's accepted by the validator, however, the tooltip says that ports must be delimited by a comma.

There is a comma between 443 and 0 - 65535; i.e. 443,0 - 65535. The question is what would have changed this setting without my knowledge?

Also it appears it is scanning everything. For example "System;" i.e. ntoskrnl.exe is one of the apps listed in the scan listing. I will just delete everything there and let Eset repopulate it.

3 hours ago, Marcos said:

I have no clue. I have various ESET products installed and everywhere is port 443

I found out what caused this to be created. Click on the default setting icon for Web Protocols. The result is " , 0- 65535" is added to the existing 443 setting.

So again, need to know is this by design or a bug. My suspicion is 0-65535 is being used for HTTP monitoring everything except HTTPS. In other words, Eset is scanning all inbound communication.

Edited by itman


I now have 443-600 there. I reset to defaults 2-3 hours ago as I thought that could be the culprit, however, when I reopened advanced setup, there was 443 only. Not sure what happened in the meantime besides a module update. Looks like a bug but it's not yet clear when it occurs.


Now I am wondering if these IDS detections are related to this:

Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application;User
7/2/2019 1:49:49 PM;Connection to Server RPC service;Blocked;127.0.0.1:50562;127.0.0.1:445;TCP;;System;

There are usually 4 of these log entries in a row. Started around 6/19. So far 2 prior sequences and one that occurred after I set HTTPS port back to port 443 exclusively today!

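One way to check whether blocked entries like the one quoted above really arrive in groups, and whether both endpoints are loopback, is to cluster the exported log by time. This is an added example, not part of the original posts or of ESET's tooling; the function names, the 5-second gap, the US month/day date order and the IPv4-only endpoint parsing are assumptions, and all sample rows except the 50562 one are constructed.

```python
import csv
import io
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample in the export format quoted in the thread; only the
# first data row appears there, the other rows are made up for the demo.
SAMPLE_LOG = """\
Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application;User
7/2/2019 1:49:49 PM;Connection to Server RPC service;Blocked;127.0.0.1:50562;127.0.0.1:445;TCP;;System;
7/2/2019 1:49:49 PM;Connection to Server RPC service;Blocked;127.0.0.1:50563;127.0.0.1:445;TCP;;System;
7/2/2019 1:49:50 PM;Connection to Server RPC service;Blocked;127.0.0.1:50564;127.0.0.1:445;TCP;;System;
7/2/2019 1:49:50 PM;Connection to Server RPC service;Blocked;127.0.0.1:50565;127.0.0.1:445;TCP;;System;
7/2/2019 4:10:02 PM;Connection to Server RPC service;Blocked;127.0.0.1:50811;127.0.0.1:445;TCP;;System;
"""
TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"  # assumption: US month/day order


def is_loopback(endpoint):
    """True when the IP part of an IPv4 'ip:port' endpoint is loopback."""
    return ip_address(endpoint.rsplit(":", 1)[0]).is_loopback


def find_bursts(log_text, gap=timedelta(seconds=5)):
    """Group rows with the same event, action, target and application that
    follow each other within `gap` into bursts."""
    bursts, current = [], {}  # current: key -> burst still being extended
    for row in csv.DictReader(io.StringIO(log_text), delimiter=";"):
        when = datetime.strptime(row["Time"], TIME_FORMAT)
        key = (row["Event"], row["Action"], row["Target"], row["Application"])
        burst = current.get(key)
        if burst is None or when - burst["end"] > gap:
            burst = {"key": key, "start": when, "end": when, "count": 0,
                     "loopback_only": True}
            current[key] = burst
            bursts.append(burst)
        burst["end"] = when
        burst["count"] += 1
        if not (is_loopback(row["Source"]) and is_loopback(row["Target"])):
            burst["loopback_only"] = False
    return bursts


if __name__ == "__main__":
    for b in find_bursts(SAMPLE_LOG):
        print(b["start"], b["count"], "rows to", b["key"][2],
              "loopback only" if b["loopback_only"] else "remote peer involved")
```

Comparing each burst's start time with the time a setting was changed or a module update was installed shows whether the two line up.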
